ISPCONFIG - JOOMLA - extensions (images) issue

I've installed a coupe of test sites using ISPCONFIG (on a vmware test machine with the precompiled image).

With the exception of not having a spec file to properly re-issue the certificate (it is not in the standard place, but hey, it' only a test).

I can set up a user, create sites, FTP content, etc. no problem.

As an example, if I create a brand new site it works fine. If I add a component/module there is an issue with permissions on ISPCONFIG.

I get:

-----
"403 Forbidden"

The following error occurred:

You are not permitted to access the requested URL

Please contact the Webmaster with any queries.
-----

This happens with multiple components/modules. And it seems to only relate to "images". They are not broken links, they simply will not show up in the page. I am sure the relative link, live site config and DNS are working exactly as they should.

It only happens when you add a module into the Joomla (virtuemart fails to show any images, same with Jevents). If I install the virtue ecommerce edition of Joomla it's fine. But if I add a module AFTER the original install, it still fails to show images and looks cosmetically like a permissions issue somewhere.

Does anyone have any insight on this? I am installing with the same user that owns the web site, I have also checked the permissions on the directory. I works fine on other control panels, just not with ISPCONFIG in the manner I have it deployed to test. Any ideas?

This might be related to Joomla's .htaccess file. Search for "joomla .htaccess" and "joomla ispconfig" with the forum's search function. You should find some interesting threads.

Click to expand...

This is my first post. After I submitted I realize it was in the wrong place. Sorry.

I believe I have it figured out. It was not an htacces issue, it was stranger than that. If I set the rights for the directories to "755" and contents to "644", it works. If I do it in the directory above that, recursive, it does not. Does anyone have any answer for that? Again, I am using the VMWARE image posted at their site.

As I was trying to pull the image through the browser directly and getting the "403" error, it seemed that .htaccess was not the issue, because it is as defaults and I have not enabled SEF or any 3rd party SEF modules.

If I change the CHMOD in the JOOMLA config (Site>Global Configuration>Server) it will work (the how-to does not address this so I assumed the defaults would work properly). It seems the limited permissions on the directories negate the ability to use the contents (images).

Some files created through Joomla's admincp will automatically give it 755 and sometimes 777 perms. Joomla also chowns the files and directories it creates when installing modules and components, making it almost impossible to edit and add files via ftp client.

Either delete the components and modules through ftp and reinstall them through administration or chown -r 4096:4096 every folder and file in components and module both in admin and joomla root directories.

Isn't it a security risk to give full permission to the world on a joomla folder.
Somebody says anyone could thus "upload something to your folders via joomla forms".
On your opinion, is this an issue we should pay attention to?
Thanks.